Workaround for Bug #4754 / #4537 no longer working in 2.3?

  • Dear Community,

    After upgrading to 2.2 I ran into the following Bugs:

    Bug #4537
    Bug #4754

    I have found a discussion: pfSense 2.2 crashes (hard) when accessing Web Configurator from remote IPsec VPN.
    In short: Every attempt to connect to a local service (i.e. ssh, WebGUI, DNS) over an IPSec Connection leads to a kernel panic.

    I have set net.inet.ipsec.directdispatch=0 as a workaround and everything ran fine. This worked until i updated to Version 2.3.

    Now I have exactly the same issue as described in the above mentioned bugs. The system tunable net.inet.ipsec.directdispatch ist still set to 0 but "sysctl -a" doesn't show any variable with this name. Is this parameter still available in 2.3?
    I run 2.3.1-RELEASE-p5 (i386) on an ALIX.2D13 board.

    Does anyone have any idea how to further investigate this behavior or to solve this problem?

    Thanks a lot,

  • Rebel Alliance Developer Netgate

    I hadn't heard of that still being a problem on 2.3. It does seem that the tunable in question is no longer present, but there may not be much that can be done for that currently. The problem is specific to i386 and that is a dying platform.

    You might be able to get a similar effect by setting a tunable for net.isr.dispatch=deferred since it defaults to direct, but it may have other side effects. Since the ALIX only has one CPU core it may not hurt that much though.

  • Thank you jimp,

    setting net.isr.dispatch=deferred solved my problem and should work until the hardware will be upgraded next year.

Log in to reply